If it doesn't work the first time, press refresh (It's IE, sometimes it works and sometimes it decides not to)

As a solution you should click Tools-Internet Options and then press the Advanced Tab. Now scroll down to Multimedia and check the box (usually the first one) that says "Don't display online content media in the media bar".

Note: I have described this vulnerablity as a bypass to Microsoft's latest patch MS03-40. I was wrong, Microsoft explained that the patch fixed certain XML and Windows Media Player vulnerabilities but not the file:javascript vulnerability which is used in this proof of concept. This vulnerability is still UNPATCHED.

Credits go to Jelmer for combining the vulnerabilities he discovered with Liu Die Yu's vulnerabilities to create this final vulnerability (in the source code).

Download C:\Program Files\Windows Media Player\wmplayer.exe (ver 9) after running the test .

How it works

- Mindwarper read more